1. Field of the Invention
The present invention relates to security management technology of home network devices, and more particularly to a security management system and method of home network.
2. Description of the Related Art
At present, an ADSL modem that conventionally realizes only the access function is about to be replaced by a device named “home gateway (HGW)” with more comprehensive functions. As shown in FIG. 1, the HGW not only realizes the access and routing functions of the ADSL modem, but also integrates the LAN switching function, provides the firewall, NAT, QoS, time service, and the like, and even directly provides the VoIP service. Moreover, the HGW generally provides a wireless access function, so that a computer with a wireless network card can be connected with the HGW without any wire.
The UPnP technology forum is an organization researching the plug and play technology of home network devices and initiated by the Microsoft Corporation. The organization researches the Universal Plug and Play (UPnP) communication protocol with the aim of enabling any intelligent household appliance devices including household information devices to be used upon access to the network with this protocol as easily as the household appliances nowadays without requiring expertise of users. Such a network is called a UPnP network.
The UPnP protocol logically categorizes network entities into control points (CPs) and devices. The CPs discover and control the devices. After startup, a CP actively queries for existing devices on the network. A device realizes a specific application function; after startup, it declares its existence to the outside so as to be discovered by the CPs, and publicizes in that declaration the events it may produce. After discovering a device, a CP can subscribe to an event of the device that interests it. The device sends this event to the subscribing CP whenever it produces the event, and the CP may control the device correspondingly in response. The CP may control the device automatically or via a man-machine interface. It should be noted that the devices mentioned in UPnP are logical entities rather than physical devices. One physical device may consist of one or more UPnP devices, and may further include one CP entity. One physical device may also consist of one CP only. In special cases, one physical device may include multiple CPs, for example, multiple pieces of software on a computer realizing the functions of multiple CP entities.
The UPnP protocol also has a security mechanism, and thus a security console (SC) entity is added. The SC is not only a CP but also a device. As a CP, the SC can discover and control other devices/SCs. As a device, the SC can declare itself to other CPs/SCs and be controlled.
The UPnP security mechanism governs the access to and control of security devices by a CP/SC. UPnP categorizes devices into security devices and non-security devices. Access to and control of a security device are limited and must be authorized by the security device. Moreover, when accessing a security device, the accessing entity needs to be certified.
The UPnP device provides one or more services. The difference between the security device and the non-security device lies in that the security device has a special security service. Through the security service of the device, the SC can obtain the key, certificate, access control list, owner list, and other information for operating the device. The UPnP security device uses the owner list, the access control list, and the certificate as three elements to compose an access authority management security framework.
The device stores an owner list that records which CPs/SCs own it. The CPs/SCs that own the device (i.e., its owners) have full control rights over it. The first owner of the device (necessarily an SC) obtains ownership through the Simple Service Discovery Protocol (SSDP) in combination with a manual operation. Every security device has an initial key system. To realize the first-owning operation, the security device has a security ID and an initial password (it should be noted that the SC is also a security device), both of which can be obtained directly from the body, display, or random card of the device. When a device with a null owner list accesses the UPnP network, the SC can discover it through the auto-discovery protocol, determine it to be a security device from the fact that it has a security service, read the security ID of the device, and then display it to the user. The user identifies the device by its security ID, selects it, and names it. The named device is thereafter displayed by its name instead of its security ID (the name is stored on the SC). The user can then input the initial password of the device. After confirmation, the SC sends its own security ID to the device. The device adds this SC to its owner list, and the SC now owns the device. Thereafter, other SCs/CPs can own the device through an authorization operation on this SC.
The device also stores an access control list to partly authorize CPs/SCs. Partly authorized CPs/SCs do not own the device and can only perform limited access to it. The user may edit the access control list on the SC that owns the device. Saying that the device authorizes CPs/SCs and saying that the owner SC of the device authorizes other CPs/SCs have the same meaning, because an owner that completely owns the device becomes a rights proxy of the device.
Every CP/SC that can operate the security device holds a certificate indicating the legal authority of this device. This certificate is generated by the owner SC of the device.
The UPnP security mechanism also uses signing and encryption to ensure the security of messages. The device has an initial public key that the SC can obtain directly. The security ID of a security device is in fact a short, human-readable hash value derived from its public key; it is used for identification only and is equivalent to a name. Both the SC and the device compute this security ID with exactly the same hash algorithm.
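The following Python model is an added illustration, not part of this patent or of the UPnP specification: it ties together the owner list, the access control list, the first-owning operation with the initial password, and the security ID derived from the public key as described in the preceding paragraphs. The hash (SHA-256 truncated to eight hex digits), the action names, and the sample keys and password are constructed assumptions.

```python
import hashlib
from dataclasses import dataclass, field


def visual_security_id(public_key: bytes, digits: int = 8) -> str:
    """Short, human-readable hash of a public key; SHA-256 truncated to a few
    hex digits is an assumption here, not the hash UPnP actually specifies."""
    return hashlib.sha256(public_key).hexdigest()[:digits].upper()


class NotAuthorized(Exception):
    """Raised when a non-owner tries to edit the owner list or the ACL."""


@dataclass
class SecurityDevice:
    public_key: bytes                   # initial public key, readable by the SC
    initial_password: str               # printed on the body/display/random card
    owners: list = field(default_factory=list)  # owner list: security IDs of owners
    acl: dict = field(default_factory=dict)     # access control list: ID -> actions

    @property
    def security_id(self) -> str:
        return visual_security_id(self.public_key)

    def take_ownership(self, sc_id: str, password: str) -> bool:
        """First owning: allowed only while the owner list is null and the
        initial password matches; afterwards only an owner may add owners."""
        if self.owners or password != self.initial_password:
            return False
        self.owners.append(sc_id)
        return True

    def add_owner(self, owner_id: str, new_owner_id: str) -> None:
        # An owner acts as the device's rights proxy and may hand out ownership.
        if owner_id not in self.owners:
            raise NotAuthorized(owner_id)
        if new_owner_id not in self.owners:
            self.owners.append(new_owner_id)

    def grant(self, owner_id: str, grantee_id: str, actions) -> None:
        # Partial authorization: an owner edits the ACL entry of a non-owner CP/SC.
        if owner_id not in self.owners:
            raise NotAuthorized(owner_id)
        self.acl[grantee_id] = set(actions)

    def authorize(self, caller_id: str, action: str) -> bool:
        """Owners have full control; others get only the actions in the ACL."""
        return caller_id in self.owners or action in self.acl.get(caller_id, set())
```

A second ownership attempt with the correct password is refused once the owner list is no longer null, which is exactly the window a device transferred without a factory reset leaves open.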
The UPnP security mechanism is applicable to both wired and wireless access, although it was proposed for wireless access first. Wired access is physically restricted to the inside of the home, which is considered secure. As shown in FIG. 2, for wireless access, an illegal CP/SC cannot operate the security device since it cannot be authorized by the security device, thereby ensuring security. Similarly, this mechanism works equally on wired access extended outdoors.
As can be seen from the above description, the UPnP security mechanism has the following defects.
(1) The UPnP security mechanism needs the manual intervention. The owning and authorization processes described by the UPnP security mechanism are not simple, and the user is still required to possess certain expertise, for example, knowledge about the owner list, access control list, and the like.
(2) The UPnP security mechanism prevents unauthorized (physical) devices from accessing security devices protected by the authority mechanism, but can neither prevent illegal users from accessing those security devices nor prevent non-UPnP security devices from accessing the network and further accessing the Internet via the HGW, i.e., embezzling Internet access accounts. The latter situation easily occurs when wireless access is used.
(3) Before transferring (for example, reselling) a UPnP device, the device must be manually restored to its initial state, i.e., factory settings with no owner. If the device is transferred before being restored to its initial state (for example, through theft), account embezzlement easily occurs. For example, a VoIP user device generally associates a calling number with the device itself; after the device is transferred elsewhere, the original number can still be used to make IP calls.